package com.huawei.android.hicloud.security.service;

import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Bundle;
import android.text.TextUtils;
import android.trustcircle.TrustCircleManager;
import com.hihonor.android.trustcircle.TrustCircleManager;
import com.huawei.android.hicloud.commonlib.util.h;
import com.huawei.android.hicloud.security.b.b;
import com.huawei.android.hicloud.security.bean.UserKeyObject;
import com.huawei.hicloud.base.common.HiCloudSafeIntent;
import com.huawei.hicloud.base.common.e;
import com.huawei.hicloud.base.common.k;
import com.huawei.hicloud.base.common.w;
import com.huawei.hicloud.base.i.b.c;
import com.huawei.hicloud.base.i.d.a;
import com.huawei.hicloud.request.userk.bean.UserKeyResp;
import com.huawei.secure.android.common.util.SafeBase64;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Locale;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;

/* loaded from: classes3.dex */
public class TrustCircleUserKey {
    private static final short DEFAULT_TA_VERSION = 1;
    private static final int KA_VERSION_NEW = 1;
    private static final String KEY_TA_VERSION = "TAVersion";
    private static final String KEY_TCISID = "tcisID";
    private static final String TAG = "TrustCircleUserKey";
    private static final String TRUSTCIRCLE_LOGIN_ACTION = "com.huawei.trustcircle.intent.action.TCIS_LOGIN";
    private static final String TRUSTCIRCLE_SEND_PERMISSION = "com.huawei.permission.TRUST_CIRCLE_BROADCAST_SEND";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public static class TrustCircleManagerCallback implements TrustCircleManager.KaCallback {
        private final int kaVersion;
        private final UserKeyObject key;
        private final CountDownLatch keyAgreementLatch;
        private final byte[] randomByte;
        private final int type;

        TrustCircleManagerCallback(byte[] bArr, UserKeyObject userKeyObject, CountDownLatch countDownLatch, int i, int i2) {
            this.randomByte = bArr != null ? (byte[]) bArr.clone() : new byte[0];
            this.key = userKeyObject;
            this.keyAgreementLatch = countDownLatch;
            this.type = i;
            this.kaVersion = i2;
        }

        public void onKaError(long j, int i) {
            h.f(TrustCircleUserKey.TAG, "errorCode = " + i);
            CountDownLatch countDownLatch = this.keyAgreementLatch;
            if (countDownLatch != null) {
                countDownLatch.countDown();
            }
        }

        public void onKaResult(long j, int i, byte[] bArr, byte[] bArr2) {
            CountDownLatch countDownLatch;
            try {
                try {
                    if (this.key != null) {
                        h.a(TrustCircleUserKey.TAG, "onKaResult kaVersion: " + this.kaVersion + " type: " + this.type);
                        if (this.kaVersion != 1) {
                            byte[] a2 = b.a(bArr2, this.randomByte, bArr);
                            if (this.type == 1) {
                                this.key.setUserKey(a2);
                            } else if (this.type == 2) {
                                this.key.setUserKeySHA256(SafeBase64.encodeToString(a2, 2));
                            }
                        } else if (this.type == 1) {
                            this.key.setUserKey(bArr2);
                        } else if (this.type == 2) {
                            this.key.setUserKeySHA256(SafeBase64.encodeToString(bArr2, 2));
                        }
                    }
                    countDownLatch = this.keyAgreementLatch;
                    if (countDownLatch == null) {
                        return;
                    }
                } catch (Exception unused) {
                    h.f(TrustCircleUserKey.TAG, "requestTrustCircleSyncUser Exception");
                    countDownLatch = this.keyAgreementLatch;
                    if (countDownLatch == null) {
                        return;
                    }
                }
                countDownLatch.countDown();
            } catch (Throwable th) {
                CountDownLatch countDownLatch2 = this.keyAgreementLatch;
                if (countDownLatch2 != null) {
                    countDownLatch2.countDown();
                }
                throw th;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public static class TrustCircleManagerCallbackForHonorS implements TrustCircleManager.KaCallback {
        private final UserKeyObject key;
        private final CountDownLatch keyAgreementLatch;
        private final byte[] randomByte;
        private final int type;

        TrustCircleManagerCallbackForHonorS(byte[] bArr, UserKeyObject userKeyObject, CountDownLatch countDownLatch, int i) {
            this.randomByte = bArr != null ? (byte[]) bArr.clone() : new byte[0];
            this.key = userKeyObject;
            this.keyAgreementLatch = countDownLatch;
            this.type = i;
        }

        public void onKaError(long j, int i) {
            h.f(TrustCircleUserKey.TAG, "errorCode = " + i);
            CountDownLatch countDownLatch = this.keyAgreementLatch;
            if (countDownLatch != null) {
                countDownLatch.countDown();
            }
        }

        public void onKaResult(long j, int i, byte[] bArr, byte[] bArr2) {
            CountDownLatch countDownLatch;
            try {
                try {
                    byte[] a2 = b.a(bArr2, this.randomByte, bArr);
                    if (this.key != null) {
                        if (this.type == 1) {
                            this.key.setUserKey(a2);
                        } else if (this.type == 2) {
                            this.key.setUserKeySHA256(SafeBase64.encodeToString(a2, 2));
                        }
                    }
                    countDownLatch = this.keyAgreementLatch;
                    if (countDownLatch == null) {
                        return;
                    }
                } catch (Exception unused) {
                    h.f(TrustCircleUserKey.TAG, "requestTrustCircleSyncUser Exception");
                    countDownLatch = this.keyAgreementLatch;
                    if (countDownLatch == null) {
                        return;
                    }
                }
                countDownLatch.countDown();
            } catch (Throwable th) {
                CountDownLatch countDownLatch2 = this.keyAgreementLatch;
                if (countDownLatch2 != null) {
                    countDownLatch2.countDown();
                }
                throw th;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public static class TrustcircleBroadcastReceiver extends BroadcastReceiver {
        private final CountDownLatch loginLatch;

        TrustcircleBroadcastReceiver(CountDownLatch countDownLatch) {
            this.loginLatch = countDownLatch;
        }

        @Override // android.content.BroadcastReceiver
        public void onReceive(Context context, Intent intent) {
            if (TrustCircleUserKey.TRUSTCIRCLE_LOGIN_ACTION.equalsIgnoreCase(new HiCloudSafeIntent(intent).getAction())) {
                h.a(TrustCircleUserKey.TAG, "Receive trustcircle login broadcast");
                CountDownLatch countDownLatch = this.loginLatch;
                if (countDownLatch != null) {
                    countDownLatch.countDown();
                }
            }
        }
    }

    /* loaded from: classes3.dex */
    private static final class Type {
        public static final int KEY = 1;
        public static final int SHA256 = 2;

        private Type() {
        }
    }

    private static String bytes2Hex(byte[] bArr) {
        if (bArr == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder();
        for (byte b2 : bArr) {
            String hexString = Integer.toHexString(b2 & 255);
            if (hexString.length() == 1) {
                sb.append("0");
            }
            sb.append(hexString);
        }
        return sb.toString();
    }

    /* JADX WARN: Removed duplicated region for block: B:29:0x0117 A[Catch: InterruptedException -> 0x011d, TRY_LEAVE, TryCatch #0 {InterruptedException -> 0x011d, blocks: (B:27:0x010f, B:29:0x0117), top: B:26:0x010f }] */
    /* JADX WARN: Removed duplicated region for block: B:32:? A[RETURN, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void decryptTrustUserKey(android.trustcircle.TrustCircleManager r24, com.huawei.hicloud.request.userk.bean.UserKeyResp r25, com.huawei.android.hicloud.security.bean.UserKeyObject r26, long r27, int r29, java.lang.String r30, int r31, boolean r32) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 291
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.huawei.android.hicloud.security.service.TrustCircleUserKey.decryptTrustUserKey(android.trustcircle.TrustCircleManager, com.huawei.hicloud.request.userk.bean.UserKeyResp, com.huawei.android.hicloud.security.bean.UserKeyObject, long, int, java.lang.String, int, boolean):void");
    }

    private static String getApkSignatureHash(Context context) {
        try {
            PackageInfo packageInfo = context.getPackageManager().getPackageInfo("com.huawei.hidisk", 64);
            if (packageInfo == null) {
                return "";
            }
            StringBuilder sb = new StringBuilder(packageInfo.packageName);
            if (packageInfo.signatures != null) {
                for (Signature signature : packageInfo.signatures) {
                    sb.append(":");
                    sb.append(bytes2Hex(signature.toByteArray()));
                }
            }
            return getSHA256(sb.toString().toLowerCase(Locale.US));
        } catch (Exception unused) {
            h.f(TAG, "getApkSignatureHash Exception");
            return "";
        }
    }

    private Context getContext() {
        return e.a();
    }

    private Bundle getDataFromTrustCircle(android.trustcircle.TrustCircleManager trustCircleManager) throws Exception {
        Bundle tcisInfo = trustCircleManager.getTcisInfo();
        if (tcisInfo == null) {
            throw new com.huawei.android.hicloud.c.h("getTcisInfo bundle is null");
        }
        if (TextUtils.isEmpty(new com.huawei.secure.android.common.intent.b(tcisInfo).d("hwUserId"))) {
            waitForTrustCircleLogin();
        }
        Bundle tcisInfo2 = trustCircleManager.getTcisInfo();
        if (tcisInfo2 == null) {
            throw new com.huawei.android.hicloud.c.h("getTcisInfo bundle is null");
        }
        if (TextUtils.isEmpty(new com.huawei.secure.android.common.intent.b(tcisInfo2).d("hwUserId"))) {
            throw new com.huawei.android.hicloud.c.h("hwUserId is null, use old interface");
        }
        return tcisInfo2;
    }

    private Bundle getDataFromTrustCircleForHonorS(com.hihonor.android.trustcircle.TrustCircleManager trustCircleManager) throws Exception {
        Bundle tcisInfo = trustCircleManager.getTcisInfo();
        if (tcisInfo == null) {
            throw new com.huawei.android.hicloud.c.h("getTcisInfo bundle is null");
        }
        if (TextUtils.isEmpty(new com.huawei.secure.android.common.intent.b(tcisInfo).d("hwUserId"))) {
            waitForTrustCircleLogin();
        }
        Bundle tcisInfo2 = trustCircleManager.getTcisInfo();
        if (tcisInfo2 == null) {
            throw new com.huawei.android.hicloud.c.h("getTcisInfo bundle is null");
        }
        if (TextUtils.isEmpty(new com.huawei.secure.android.common.intent.b(tcisInfo2).d("hwUserId"))) {
            throw new com.huawei.android.hicloud.c.h("hwUserId is null, use old interface");
        }
        return tcisInfo2;
    }

    private UserKeyObject getKeySHA256(UserKeyObject userKeyObject, String str, int i, int i2) throws com.huawei.hicloud.base.d.b {
        String userKeySHA256 = userKeyObject.getUserKeySHA256();
        if (TextUtils.isEmpty(userKeySHA256)) {
            h.f(TAG, "decrypt trust circle SHA256 is empty");
            UserKeyUtils.getInstance().report("decrypt trust circle SHA256 is empty", str, i, i2);
            throw new com.huawei.hicloud.base.d.b(4001, "decrypt trust circle SHA256 is empty");
        }
        UserKeyUtils.getInstance().setTrustCircleKeySHA256(userKeySHA256);
        byte[] userKey = userKeyObject.getUserKey();
        if (userKey == null || userKey.length == 0) {
            h.f(TAG, "decrypt trust circle key is empty");
            UserKeyUtils.getInstance().report("decrypt trust circle key is empty", str, i, i2);
            throw new com.huawei.hicloud.base.d.b(4001, "decrypt trust circle key is empty");
        }
        UserKeyUtils.getInstance().setTrustCircleKey(SafeBase64.encodeToString(userKey, 2));
        byte[] a2 = k.a(userKey);
        if (a2 == null || a2.length == 0) {
            h.f(TAG, "hash trust circle key SHA256 error");
            UserKeyUtils.getInstance().report("hash trust circle key SHA256 error", str, i, i2);
            throw new com.huawei.hicloud.base.d.b(4001, "hash trust circle key SHA256 error");
        }
        String encodeToString = SafeBase64.encodeToString(a2, 2);
        if (TextUtils.isEmpty(encodeToString)) {
            h.f(TAG, "base 64 encode trust circle key SHA256 error");
            UserKeyUtils.getInstance().report("base 64 encode trust circle key SHA256 error", str, i, i2);
            throw new com.huawei.hicloud.base.d.b(4001, "base 64 encode trust circle key SHA256 error");
        }
        if (!encodeToString.equals(userKeySHA256)) {
            h.f(TAG, "compare trust circle key SHA256 error");
            UserKeyUtils.getInstance().report("compare trust circle key SHA256 error", str, i, i2);
            throw new com.huawei.hicloud.base.d.b(4001, "compare trust circle key SHA256 error");
        }
        h.a(TAG, "compare trust circle key SHA256 ok");
        StringBuilder sb = new StringBuilder();
        String a3 = c.a(encodeToString, sb);
        if (!TextUtils.isEmpty(a3)) {
            userKeyObject.setUserKeySHA256(a3);
            h.a(TAG, "get user key success, by trust circle");
            UserKeyUtils.getInstance().report("get user key success, by trust circle", str, i, i2);
            return userKeyObject;
        }
        h.f(TAG, "keystore encrypt trust circle key SHA256 error");
        sb.append(", error info: ");
        sb.append("keystore encrypt trust circle key SHA256 error");
        UserKeyUtils.getInstance().report(sb.toString(), str, i, i2);
        throw new com.huawei.hicloud.base.d.b(4001, "keystore encrypt trust circle key SHA256 error");
    }

    private static String getSHA256(String str) {
        if (str != null && !str.isEmpty()) {
            try {
                return bytes2Hex(MessageDigest.getInstance("SHA256").digest(str.getBytes("utf-8")));
            } catch (UnsupportedEncodingException unused) {
                h.f(TAG, "Unsupported utf-8 Encoding.");
            } catch (GeneralSecurityException unused2) {
                h.f(TAG, "messageDigest GeneralSecurityException.");
            }
        }
        return "";
    }

    private boolean isTrustCircleExist() {
        try {
            getContext().getPackageManager().getPackageInfo("com.huawei.trustcircle", 1);
            return true;
        } catch (PackageManager.NameNotFoundException unused) {
            return false;
        }
    }

    private void waitForTrustCircleLogin() {
        CountDownLatch countDownLatch = new CountDownLatch(1);
        TrustcircleBroadcastReceiver trustcircleBroadcastReceiver = new TrustcircleBroadcastReceiver(countDownLatch);
        getContext().registerReceiver(trustcircleBroadcastReceiver, new IntentFilter(TRUSTCIRCLE_LOGIN_ACTION), TRUSTCIRCLE_SEND_PERMISSION, null);
        try {
            if (!countDownLatch.await(4L, TimeUnit.SECONDS)) {
                h.c(TAG, "waitForTrustCircleLogin await failed");
            }
        } catch (InterruptedException unused) {
            h.f(TAG, "waitForTrustCircleLogin InterruptedException");
        }
        getContext().unregisterReceiver(trustcircleBroadcastReceiver);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public UserKeyObject requestTrustCircleSyncUser(com.huawei.hicloud.request.userk.b bVar, int i, String str, int i2, boolean z) throws Exception {
        if (!isTrustCircleExist()) {
            throw new com.huawei.android.hicloud.c.h("TrustCircle doesn't exist, use old interface");
        }
        UserKeyObject userKeyObject = new UserKeyObject();
        android.trustcircle.TrustCircleManager trustCircleManager = android.trustcircle.TrustCircleManager.getInstance();
        Bundle dataFromTrustCircle = getDataFromTrustCircle(trustCircleManager);
        String string = dataFromTrustCircle.getString(KEY_TCISID);
        short s = dataFromTrustCircle.getShort(KEY_TA_VERSION, (short) -1);
        long b2 = w.b(dataFromTrustCircle.getString("hwUserId"));
        if (TextUtils.isEmpty(string) || s < 1) {
            throw new com.huawei.android.hicloud.c.h("tcisID is empty or TA not support, use old interface");
        }
        UserKeyResp a2 = bVar.a(i, str, i2, string, s, getApkSignatureHash(getContext()));
        userKeyObject.setUserKeyGuid(a2.getGuid());
        decryptTrustUserKey(trustCircleManager, a2, userKeyObject, b2, i, str, i2, z);
        if (userKeyObject.getUserKey() == null) {
            throw new com.huawei.android.hicloud.c.h("requestTrustCircleSyncUser failed, use old interface");
        }
        h.a(TAG, "requestTrustCircleSyncUser succeed");
        return z ? getKeySHA256(userKeyObject, str, i, i2) : userKeyObject;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public UserKeyObject requestTrustCircleSyncUserForHonorS(com.huawei.hicloud.request.userk.b bVar, int i, String str, int i2, boolean z) throws Exception {
        String str2;
        byte[] bArr;
        CountDownLatch countDownLatch;
        if (!isTrustCircleExist()) {
            throw new com.huawei.android.hicloud.c.h("TrustCircle doesn't exist, use old interface");
        }
        UserKeyObject userKeyObject = new UserKeyObject();
        com.hihonor.android.trustcircle.TrustCircleManager trustCircleManager = com.hihonor.android.trustcircle.TrustCircleManager.getInstance();
        Bundle dataFromTrustCircleForHonorS = getDataFromTrustCircleForHonorS(trustCircleManager);
        String string = dataFromTrustCircleForHonorS.getString(KEY_TCISID);
        short s = dataFromTrustCircleForHonorS.getShort(KEY_TA_VERSION, (short) -1);
        long b2 = w.b(dataFromTrustCircleForHonorS.getString("hwUserId"));
        if (TextUtils.isEmpty(string) || s < 1) {
            throw new com.huawei.android.hicloud.c.h("tcisID is empty or TA not support, use old interface");
        }
        UserKeyResp a2 = bVar.a(i, str, i2, string, s, getApkSignatureHash(getContext()));
        userKeyObject.setUserKeyGuid(a2.getGuid());
        String[] split = a2.getUserKey().split(":");
        int a3 = w.a(split[0]);
        String str3 = split[1];
        byte[] a4 = a.a(16);
        byte[] a5 = b.a(a4);
        CountDownLatch countDownLatch2 = new CountDownLatch(1);
        if (z) {
            String keySHA256 = a2.getKeySHA256();
            if (TextUtils.isEmpty(keySHA256)) {
                h.f(TAG, "responseKeySHA256 is empty");
                UserKeyUtils.getInstance().report("responseKeySHA256 is empty", str, i, i2);
                throw new com.huawei.hicloud.base.d.b(4001, "responseKeySHA256 is empty");
            }
            String[] split2 = keySHA256.split(":");
            if (keySHA256.length() < 2) {
                h.f(TAG, "splitResponseKeySHA256 length not ok");
                UserKeyUtils.getInstance().report("splitResponseKeySHA256 length not ok", str, i, i2);
                throw new com.huawei.hicloud.base.d.b(4001, "splitResponseKeySHA256 length not ok");
            }
            int a6 = w.a(split2[0]);
            String str4 = split2[1];
            CountDownLatch countDownLatch3 = new CountDownLatch(2);
            TrustCircleManagerCallbackForHonorS trustCircleManagerCallbackForHonorS = new TrustCircleManagerCallbackForHonorS(a4, userKeyObject, countDownLatch3, 2);
            str2 = TAG;
            bArr = a4;
            trustCircleManager.initKeyAgreement(trustCircleManagerCallbackForHonorS, a6, b2, a5, str4);
            countDownLatch = countDownLatch3;
        } else {
            str2 = TAG;
            bArr = a4;
            countDownLatch = countDownLatch2;
        }
        TrustCircleManagerCallbackForHonorS trustCircleManagerCallbackForHonorS2 = new TrustCircleManagerCallbackForHonorS(bArr, userKeyObject, countDownLatch, 1);
        CountDownLatch countDownLatch4 = countDownLatch;
        trustCircleManager.initKeyAgreement(trustCircleManagerCallbackForHonorS2, a3, b2, a5, str3);
        try {
            if (!countDownLatch4.await(5L, TimeUnit.SECONDS)) {
                h.c(str2, "requestTrustCircleSyncUser await failed");
            }
        } catch (InterruptedException unused) {
            h.f(str2, "initKeyAgreement InterruptedException");
        }
        if (userKeyObject.getUserKey() == null) {
            throw new com.huawei.android.hicloud.c.h("requestTrustCircleSyncUser failed, use old interface");
        }
        h.a(str2, "requestTrustCircleSyncUser succeed");
        return z ? getKeySHA256(userKeyObject, str, i, i2) : userKeyObject;
    }
}
